[Dovecot] tls and auth plain login
Bradley Giesbrecht
bradley.giesbrecht at gmail.com
Tue Mar 3 20:48:18 EET 2009
Hello List,
I want to allow plain text passwords only on ssl/tls.
Is it possible to have:
auth default {
  mechanisms = cram-md5 ntlm
  ......
}
and then override this when the connection is ssl/tls to allow plain and
login?
I have tried adding "mechanisms = plain login cram-md5 ntlm" to
"protocol imaps{}" as an example but I get an error that the protocol
does not exist.
I read somewhere today that dovecot enables plain automatically over
secure connections (ssl/tls) but I'm not seeing it.
Also, "auth default" suggests that "auth something_else" is possible.
I'm probably just doing a poor job of research but I'm not finding the
answers I'm seeking.
Using postfix and lda.
# openssl s_client -connect localhost:993
# a01 capability
* CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 AUTH=CRAM-MD5 AUTH=NTLM
a01 OK Capability completed.
Note about the output below: the fd limit is increased by a management script.
# dovecot -n
# 1.1.3: /opt/local/etc/dovecot/dovecot.conf
Warning: fd limit 256 is lower than what Dovecot can use under full
load (more than 768). Either grow the limit or change
login_max_processes_count and max_mail_processes settings
log_path: /opt/local/var/ispbox/log/mail/dovecot.log
protocols: imap imaps pop3 pop3s
ssl_cert_file: /opt/local/etc/ssl/certs/dovecot.pem
ssl_key_file: /opt/local/etc/ssl/private/dovecot.pem
login_dir: /opt/local/var/run/dovecot/login
login_executable(default): /opt/local/libexec/dovecot/imap-login
login_executable(imap): /opt/local/libexec/dovecot/imap-login
login_executable(pop3): /opt/local/libexec/dovecot/pop3-login
mail_location: dbox:/opt/local/var/ispbox/mail/%d/%n/dbox
mail_executable(default): /opt/local/libexec/dovecot/imap
mail_executable(imap): /opt/local/libexec/dovecot/imap
mail_executable(pop3): /opt/local/libexec/dovecot/pop3
mail_plugin_dir(default): /opt/local/lib/dovecot/imap
mail_plugin_dir(imap): /opt/local/lib/dovecot/imap
mail_plugin_dir(pop3): /opt/local/lib/dovecot/pop3
auth default:
  mechanisms: cram-md5 ntlm
  passdb:
    driver: sql
    args: /opt/local/etc/dovecot/dovecot_mysql.conf
  userdb:
    driver: prefetch
  userdb:
    driver: sql
    args: /opt/local/etc/dovecot/dovecot_mysql.conf
  socket:
    type: listen
    client:
      path: /opt/local/var/spool/postfix/private/auth
      mode: 432
      user: _postfix
      group: _postfix
    master:
      path: /opt/local/var/run/dovecot/auth-master
      mode: 384
      user: _vmail
Thanks for any tips,
//Bradley
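
A check for the policy the post asks for (PLAIN and LOGIN offered only on SSL/TLS connections), as an added example that is not part of the original post: it parses IMAP CAPABILITY responses and reports deviations. The function names are hypothetical, and every sample line except the one copied from the post is constructed for illustration.

```python
import re

# SASL mechanisms that put the password itself on the wire.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_capability(line):
    """Split an IMAP CAPABILITY response into (SASL mechanisms, other atoms)."""
    # Accepts "* CAPABILITY ..." and the greeting form "* OK [CAPABILITY ...] text".
    m = re.match(r"\*\s+(?:OK\s+\[)?CAPABILITY\s+([^\]]*)", line.strip(), re.I)
    if not m:
        raise ValueError("not a CAPABILITY response: %r" % line)
    mechs, atoms = set(), set()
    for atom in m.group(1).upper().split():
        if atom.startswith("AUTH="):
            mechs.add(atom[5:])
        else:
            atoms.add(atom)
    return mechs, atoms

def audit(line, tls):
    """Return policy deviations for one response; tls says if the session is encrypted."""
    mechs, atoms = parse_capability(line)
    offered = sorted(mechs & PLAINTEXT_MECHS)
    findings = []
    if tls and not offered:
        findings.append("tls: PLAIN/LOGIN not offered, password-only clients cannot log in")
    if not tls and offered:
        findings.append("cleartext: offers AUTH=" + ",".join(offered))
    if not tls and "LOGINDISABLED" not in atoms:
        findings.append("cleartext: IMAP LOGIN command allowed (no LOGINDISABLED)")
    return findings

# Response copied from the post (port 993, inside SSL).
POST_993 = ("* CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND "
            "UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS "
            "LIST-EXTENDED I18NLEVEL=1 AUTH=CRAM-MD5 AUTH=NTLM")
# Constructed samples: what a port 143 session might return before STARTTLS.
CLEAR_BAD = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5"
CLEAR_OK = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5] ready"
TLS_OK = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=NTLM"

if __name__ == "__main__":
    for name, line, tls in [("post:993", POST_993, True), ("clear-bad", CLEAR_BAD, False),
                            ("clear-ok", CLEAR_OK, False), ("tls-ok", TLS_OK, True)]:
        print(name, audit(line, tls) or "ok")
```

Run against the response in the post, it reports that the SSL listener offers no plaintext mechanism, which matches what the poster observed.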